[Zope-PAS] dealing with deleted users

Wichert Akkerman wichert at wiggy.net
Sat May 27 18:11:07 EDT 2006


Sure. Long-term I think we'll want to have two plugins instead of doing
both in the one plugin as we do now.

Wichert.


Previously Jens Vagelpohl wrote:
> I would have hoped for a few more opinions before doing that...   
> please don't be so quick next time.
> 
> jens
> 
> 
> On 27 May 2006, at 22:40, Wichert Akkerman wrote:
> 
> >Ok, I'll change PAS to behave like CookieCrumbler on trunk.
> >
> >Wichert.
> >
> >
> >Previously Chris McDonough wrote:
> >>I imagine it's an accident of implementation.
> >>
> >>On May 27, 2006, at 5:22 PM, Jens Vagelpohl wrote:
> >>
> >>>-----BEGIN PGP SIGNED MESSAGE-----
> >>>Hash: SHA1
> >>>
> >>>
> >>>On 27 May 2006, at 20:37, Wichert Akkerman wrote:
> >>>
> >>>>I was investigating a plone bug (http://dev.plone.org/plone/ticket/
> >>>>5355)
> >>>>and it is caused by PAS behaviour. The problems boils down to
> >>>>logic in
> >>>>CookieAuthHelper.extractCredentials: if a cookie is present the
> >>>>credentials are extracted from it and form fields are ignored. This
> >>>>means that if we have a cookie containing credentials which no  
> >>>>longer
> >>>>authenticate it becomes impossible to login as a different user  
> >>>>since
> >>>>the form data is never seen.
> >>>
> >>>Looking at the equivalent in the CookieCrumbler code (method
> >>>modifyRequest) it seems the cookie crumber does it the other way
> >>>around and will look for form data before looking for the cookie.
> >>>I'd be interested to find out the rationale for weighting cookie
> >>>information higher than form data. Does anyone remember?
> >>>
> >>>jens
> >>>
> >>>
> >>>-----BEGIN PGP SIGNATURE-----
> >>>Version: GnuPG v1.4.1 (Darwin)
> >>>
> >>>iD8DBQFEeMMtRAx5nvEhZLIRAk2jAKC10jUqyQphNPvjehDWmP9bXmhDvACgjvwZ
> >>>vGn0MPGP/Ueu77mQOj+c2C4=
> >>>=k3jP
> >>>-----END PGP SIGNATURE-----
> >>>_______________________________________________
> >>>Zope-PAS mailing list
> >>>Zope-PAS at zope.org
> >>>http://mail.zope.org/mailman/listinfo/zope-pas
> >>>
> >>
> >>_______________________________________________
> >>Zope-PAS mailing list
> >>Zope-PAS at zope.org
> >>http://mail.zope.org/mailman/listinfo/zope-pas
> >
> >-- 
> >Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
> >http://www.wiggy.net/                   It is hard to make things  
> >simple.
> >_______________________________________________
> >Zope-PAS mailing list
> >Zope-PAS at zope.org
> >http://mail.zope.org/mailman/listinfo/zope-pas
> 
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.1 (Darwin)
> 
> iD8DBQFEeMhmRAx5nvEhZLIRAmTRAJ9Lh0BfAVgqZzzU16PT03DXRWQ8FgCeI+e9
> QY9D7oTueEquHED+MoVuqSQ=
> =Qhmc
> -----END PGP SIGNATURE-----
> _______________________________________________
> Zope-PAS mailing list
> Zope-PAS at zope.org
> http://mail.zope.org/mailman/listinfo/zope-pas

-- 
Wichert Akkerman <wichert at wiggy.net>    It is simple to make things.
http://www.wiggy.net/                   It is hard to make things simple.


More information about the Zope-PAS mailing list